Age | Commit message (Collapse) | Author |
|
Backport the CVE patch from upstream:
[https://sourceware.org/git/gitweb.cgi?p=glibc.git;
a=patch;h=9333498794cde1d5cca518badf79533a24114b6f]
Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
We're about to need to use this variable in the main include file so
restructure the users of it to all set it appropriately.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 4a247e7c961286cbed73b6dc0f4074ecf856402a)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
see:
https://gitlab.gnome.org/GNOME/libxml2/merge_requests/68
(From OE-Core rev: 12a5eb0ea6f530ad7be2e58d4091b4edadbf461b)
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
(From OE-Core rev: f2f7aa9a495774fe5a2e3947584cb3503bd1eaf1)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
Include the version number in a format that is comparable to what we get
from NVD.
(From OE-Core rev: fdb2a95d5e0265de1172940b6dc71fc7d602e8d1)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
This recipe is intended to be run manually or via oeqa.
[YOCTO #13737]
Signed-off-by: Nathan Rossi <nathan@nathanrossi.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit eadbe01bb8232de79e0827e6c6b3411f69ea7303)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
This task is not intended to be run as this recipe does not produce any
packages or install any sysroot content. Additionally running this task
behaves differently from a normal glibc build, and can result in issues.
[YOCTO #13737]
Signed-off-by: Nathan Rossi <nathan@nathanrossi.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 2b51252cb8bd9badfa28794f9ef9431b48752e3d)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The build was deciding whether to rename manpages based upon the presence of
/etc/debian_version. Be explicit about the configuration instead and
ensure determinism.
[YOCTO #13781]
(From OE-Core rev: 09c8a28893e7ca94a44232d802e1cb02a8f34b87)
(From OE-Core rev: 3d114c08c32578426646f5d97769d2c66fea06cb)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
With a sequence like:
bitbake sysvinit
bitbake sysvinit -c clean
bitbake sysvinit -c package_write_ipk -f
then the resulting package has two files with group "root/70" rather
than "root/shutdown". The issue is that of do_package is a setscene
task, base-passwd isn't present. This patch fixes that dependency
but there may be other cases of this problem around.
[YOCTO #13776]
(From OE-Core rev: 0227e929021263c51d2e7db36224000fecb01f1c)
(From OE-Core rev: cbcba43c18d67aea0ba41f019b357fbec6570ee1)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
There is a bug in patch 2.7.3 and earlier where index lines
in patches can change file modes when they shouldn't:
http://git.savannah.gnu.org/cgit/patch.git/patch/?id=82b800c9552a088a241457948219d25ce0a407a4
This leaks into debug sources in particular (e.g. tcp-wrappers where
source files are read-only). Add the dependency to target recipes
to avoid this problem until we can rely on 2.7.4 or later.
We could try and remove all index lines from patch files but it will be a
losing battle. We could try and identify all the recipes which change
modes on files in patches but again, its a losing battle.
Instead, compromise and have patch-native as a dependency
for target recipes. We use patch-replacement-native since patch-native
is in ASSUME_PROVIDED.
Also add nativesdk-patch to buildtools-tarball.
[YOCTO #13777]
(From OE-Core rev: 5ed0840c93804488cd1c1aba6cb382b2434714a5)
(From OE-Core rev: fd3bd61a6fe5190c575dc968f3a0be9c1cbf21ed)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
busybox as well as vlock utility from meta-oe provides vlock utility
which can conflict when with kbd if pam is a enabled distro_feature
Fixes image build errors
update-alternatives: Error: not linking <rootfs>/usr/bin/vlock to /bin/busybox.suid since <rootfs>/usr/bin/vlock exists and is not a link
ERROR: yoe-qt5-wayland-image-1.0-r0 do_rootfs: Postinstall scriptlets of ['busybox'] have failed. If the intention is to defer them to first boot,
then please place them into pkg_postinst_ontarget_${PN} ().
Deferring to first boot via 'exit 1' is no longer supported.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The vlock doesn't exist if PAM isn't enabled.
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: De Huo <de.huo@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Downstream bug report: https://bugs.gentoo.org/661650
Upstream-Status: Backport [f7f357ef079b6d185f340e716d7c72a98d82bad0]
Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
Signed-off-by: De Huo <De.Huo@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
see:
https://gitlab.gnome.org/GNOME/libxml2/commit/5a02583c7e683896d84878bd90641d8d9b0d0549
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Bugfix-only changes on the 243 stable branch.
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
The script scans for services, parses them and makes sure those targets are still
there. The exists file check fails if the target is an alias, such as default.target
so add an additional test.
[YOCTO #13685]
(From OE-Core rev: 10bdbf033e51c97f6408c9114d480372135a2c2e)
Signed-off-by: Werner Grift <sky.captin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
Switch to recently released version 1.1 of NVD CVE JSON feed, as in
https://nvd.nist.gov/General/News/JSON-1-1-Vulnerability-Feed-Release
it is mentioned that
Due to changes required to support CVSS v3.1 scoring, the JSON
vulnerability feeds must be modified. This will require the consumers
of this data to update their internal processes. We will be providing
the JSON 1.1 schema on the data feeds page and the information below
to prepare for this transition.
...
The JSON 1.1 data feeds will be available on September 9th, 2019. At
that time the current JSON 1.0 data feeds will no longer available.
This change was tested briefly by issuing 'bitbake core-image-minimal'
with 'cve-check.bbclass' inherited via local.conf, and then comparing
the content between the resulting two
'DEPLOY_DIR_IMAGE/core-image-minimal-qemux86.cve' files, which did not
seem to contain any other change, except total of 167 entries like
CVSS v3 BASE SCORE: 0.0
were replaced with similar 'CVSS v3 BASE SCORE:' entries which had
scores that were greater than '0.0' (up to '9.8').
(From OE-Core rev: cc20e4d8ff2f3aa52a2658404af9a0ff358cc323)
Signed-off-by: Niko Mauno <niko.mauno@iki.fi>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Change all recipes to https where we get an http 301 permanent redirect.
(From OE-Core rev: e514acda9e12bccde6d3974e0fd1a37b3837191a)
Signed-off-by: Stefan Müller-Klieser <s.mueller-klieser@phytec.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Fixed in 2.60.4, but CPE data is outdated.
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Backport from 2.30 stable branch and drop NEWS section.
(From OE-Core rev: b4d4f70380c100d8ab06557237d8d5649a885e30)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
urllib handles adding proxy handlers if the proxies are set in the environment,
so call bb.utils.export_proxies() to do that and remove the manual setup.
(From OE-Core rev: 6b73004668b3b71c9c38814b79fbb58c893ed434)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Create an index on the PRODUCTS table which contains a row for each CPE,
drastically increasing the performance of lookups for a specific CVE.
(From OE-Core rev: b4048b05b3a00d85c40d09961f846eadcebd812e)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Don't hardcode the database filename, there's a variable for this in
cve-check.bbclass.
(From OE-Core rev: 0d188a9dc4ae64c64cd661e9d9c3841e86f226ab)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
We already fetch the yearly CVE metadata and check that for updates before
downloading the full data, but we can speed up CVE checking further by only
checking the CVE metadata once an hour.
(From OE-Core rev: 50d898fd360c58fe85460517d965f62b7654771a)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Without this change, efibootmgr is unable to recover BootOrder if lost
during a previous write operation, e.g. exceeded storage capacity. This
is problematic using EFI to manage boot flow from Linux (E.g. via RAUC).
https://www.kernel.org/doc/Documentation/filesystems/efivarfs.txt
Signed-off-by: Haris Okanovic <haris.okanovic@ni.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
PKNAME is NULL when run "lsblk -o+PKNAME /dev/sda1"
backport an upstream patch to fix it.
Signed-off-by: Liwei Song <liwei.song@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit a5a987ff5e5e333e28be44a12e729907272ea3cb)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
The PID file referenced in dbus-1.init script was out of date and no longer existed. This meant that dbus could not be restarted via init.d without force removing the old PID file.
Signed-off-by: fridgecow <fridgecow@fb.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
(cherry picked from commit 2ed6f06f30cb54b9c70f1a92d93c920ec4d01ffe)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Backport changes to tinfo/comp_hash.c, tinfo/parse_entry.c,
and progs/dump_entry.c from upstream to fix CVEs.
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
OpenSuse's libreadline has extra symbol information which upsets our uninative
loader as our libreadline is missing symbols with the appropriate versions.
The simplest solution is to add the version information as they're harmless.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This service file is designed to do first-boot initialisation of the udev hwdb
database, but the condition logic to fire it is suboptimal: it can fire if not
needed, and can also not fire if needed. Specifically it will always fire on
first boot, even though as part of rootfs generation we build the hwdb database.
On slow machines this can take a significant amount of time, the pathological
case being qemumips where the service can time out after 90 seconds of
processing.
Other distributions have also noticed this problem (specifically, at least
Debian and Clear) and solve it by using traditional postinst scripts to generate
the hwdb (which we already do) and deleting the service file (which we don't).
Finish the fix and improve boot times across all boards by deleting the service
file.
[ YOCTO #13504 ]
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This is already installed by the install target to $datadir/pkgconfig, so
there's no need to install it again to $libdir/pkgconfig.
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Drop upstream'ed patch
Fix libgcc build with musl
Detailed ChangeLog [1]
[1] https://git.musl-libc.org/cgit/musl/log/?qt=range&q=1f0e9f9cc2e3fa354f94e18b3b362de5f1ec7272..2c2477da9a553c0b9b2fa18073a5dcdbe6d395af
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
When systemd is built without internal resolver, it does not make
sense to expose it as a resolv-conf alternative and can even break
images where this alternative would be chosen, because of an
invalid symlink.
Signed-off-by: Alexandre Bard <alexandre.bard@netmodule.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Fixes packages like gdb compile
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Since commit (kernel >= 4.20):
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f027c34d844013d9d6c902af8fa01a82d6e5073d
specifying rootfs by PARTLABEL is supported. This commit adds support to
specify root by GPT partition label.
Signed-off-by: Diego Rondini <diego.rondini@kynetics.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Currently systemd cannot boot correctly on NFS. This is because
the code uses readdir which returns DT_UNKNOWN instead of DT_LNK
on NFS. So consider DT_UNKNOWN to fix this problem.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Some of the packagegroups violate the allarch policy therefore the ones
which do so, should be marked as TUNE specific
Fixes QA errors
packagegroup-self-hosted-1.0: Package version for package packagegroup-self-hosted-graphics went backwards which would break package feeds from (0:1.0-r13.12 to 0:1.0-r13.9) [version-going-backwards]
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This reverts commit db5f08c16eff01f3af0b99119c09f68628e2331d.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
If hwdb is disabled, then systemd-hwdb-update.service does not exists.
Do not try to modify it in this case.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Use appropriate variable name for root of partuuid.
Signed-off-by: Diego Rondini <diego.rondini@kynetics.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Ensure the task is properly regsistered as an sstate task as this
"half way" state confuses new code in bitbake and it isn't supported.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|